[squid-users] Windows RDS Gateway with Squid 3.3.5

From: Stan2k <gary.malvault_at_gmail.com>
Date: Tue, 2 Jul 2013 07:36:27 -0700 (PDT)

Hello Everybody

Here is the infrastructure I want:

Client => Internet => Squid => RDS Gateway => VM

Here is my configuration:

https_port public_name:443 accel cert=/etc/ssl/private/servercert.pem key=/etc/ssl/private/serverkey.pem cafile=/etc/ssl/private/intermediate.pem capath=/etc/ssl/private/ defaultsite=parentserver.domain.qh version=1

cache_peer parentservername parent 443 0 no-query originserver ssl sslcert=/etc/ssl/private/servercert.crt.pem sslkey=/etc/ssl/private/serverkey.pem sslcapath=/etc/ssl/private/ login=PASSTHRU connection-auth=on ssloptions=ALL name=gateway sslflags=DONT_VERIFY_PEER front-end-https=on no-digest

acl RDS dstdomain parentservername

cache_peer_access gateway allow all
#cache_peer_access gateway deny all

http_access allow all
miss_access allow all

#http_access allow RDS
#http_access deny all
#miss_access allow RDS
#miss_access deny all

debug_options ALL,2

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

cache_mem 8 MB

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
#coredump_dir /usr/local/squid/var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

As you can see, all is open, but I have a problem.
My configuration didn't work, but yesterday I managed to log in 3 times from
the office.
Ten minutes later I could no longer log in to the machine.
I tried to log on at home last night and this morning and it worked. But now
nobody can connect to the gateway.

You can see the log from when I could connect:

1372701961.331 79301 public_ip_client TCP_MISS_ABORTED/000 0 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip -
1372702018.639 8 public_ip_client TCP_MISS/401 695 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372702018.735 7 public_ip_client TCP_MISS/401 695 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372702025.441 6780 public_ip_client TCP_MISS_ABORTED/000 0 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip -
1372702025.441 6686 public_ip_client TCP_MISS_ABORTED/200 7319 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip application/rpc
1372702506.635 8 public_ip_client TCP_MISS/401 695 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372702506.728 7 public_ip_client TCP_MISS/401 695 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372702514.727 7963 public_ip_client TCP_MISS_ABORTED/200 103543 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip application/rpc
1372702514.728 8074 public_ip_client TCP_MISS_ABORTED/000 0 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip -
1372703139.182 11 public_ip_client TCP_MISS/401 695 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372703139.295 8 public_ip_client TCP_MISS/401 695 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372703146.054 6851 public_ip_client TCP_MISS_ABORTED/000 0 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip -
1372703146.054 6709 public_ip_client TCP_MISS_ABORTED/200 7319 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip application/rpc
1372706052.563 123 public_ip_client TCP_MISS/401 695 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372706052.687 7 public_ip_client TCP_MISS/401 695 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372706151.972 99259 public_ip_client TCP_MISS_ABORTED/200 14007 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip application/rpc
1372706151.972 99385 public_ip_client TCP_MISS_ABORTED/000 0 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip -
1372709339.193 118 public_ip_client TCP_MISS/401 695 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372709339.329 7 public_ip_client TCP_MISS/401 695 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372709383.530 44313 public_ip_client TCP_MISS_ABORTED/000 0 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip -
1372709383.532 44177 public_ip_client TCP_MISS/200 7319 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip application/rpc
1372710088.478 9 public_ip_client TCP_MISS/401 695 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372710088.584 7 public_ip_client TCP_MISS/401 695 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372710480.819 392320 public_ip_client TCP_MISS/502 4579 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip text/html
1372710480.819 392209 public_ip_client TCP_MISS/200 7231 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip application/rpc
1372744890.663 123 public_ip_client TCP_MISS/401 695 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372744890.772 7 public_ip_client TCP_MISS/401 695 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372745699.263 808576 public_ip_client TCP_MISS/502 4583 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip text/html
1372745699.263 808466 public_ip_client TCP_MISS/200 7371 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip application/rpc

Even when I could connect, you can see 401 and 502 errors.

The logs now:

1372768605.501 7 public_ip_client TCP_MISS/401 959 RDG_OUT_DATA https://public_name/remoteDesktopGateway/ - FIRSTUP_PARENT/private_parentserver_ip text/html
1372768605.663 1 public_ip_client TCP_MISS/502 4583 RDG_OUT_DATA https://public_name/remoteDesktopGateway/ - PINNED/private_parentserver_ip text/html
1372771702.991 17 public_ip_client TCP_MISS/401 959 RDG_OUT_DATA https://public_name/remoteDesktopGateway/ - FIRSTUP_PARENT/private_parentserver_ip text/html
1372771703.897 2 public_ip_client TCP_MISS/502 4561 RDG_OUT_DATA https://public_name/remoteDesktopGateway/ - PINNED/private_parentserver_ip text/html
1372771769.011 7 public_ip_client TCP_MISS/401 959 RDG_OUT_DATA https://public_name/remoteDesktopGateway/ - FIRSTUP_PARENT/private_parentserver_ip text/html
1372771769.466 2 public_ip_client TCP_MISS/502 4559 RDG_OUT_DATA https://public_name/remoteDesktopGateway/ - PINNED/private_parentserver_ip text/html
1372772425.281 7 public_ip_client TCP_MISS/401 959 RDG_OUT_DATA https://public_name/remoteDesktopGateway/ - FIRSTUP_PARENT/private_parentserver_ip text/html
1372772425.442 2 public_ip_client TCP_MISS/502 4573 RDG_OUT_DATA https://public_name/remoteDesktopGateway/ - PINNED/private_parentserver_ip text/html

I'm confused, can you tell me if my setup looks good and if there is an
explanation?

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Windows-RDS-Gateway-with-Squid-3-3-5-tp4660878.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Tue Jul 02 2013 - 14:37:10 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 03 2013 - 12:00:12 MDT
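The access.log lines in the post follow Squid's default native format (time, elapsed ms, client, result/status, bytes, method, URL, ident, hierarchy/peer, type). The following script is an added example, not code from the post or from the Squid project: it parses such lines, counts the (method, hierarchy, status) combinations, and pairs each 401 challenge answered by the parent (FIRSTUP_PARENT) with the follow-up request the same client sent for the same method over the pinned connection (PINNED), flagging those that ended in 502. The sample log embedded in it is constructed from a few of the post's own entries, keeping the post's placeholder host names; the 5-second pairing window is an assumption.

```python
"""Added example: parse Squid native access.log lines and summarise the
RDS Gateway auth handshake (401 challenge -> request on PINNED peer -> 200/502).

Assumes Squid's default (native) access.log format. Host names and IPs are
the post's own placeholders; the log text is constructed from the post's lines.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a few entries modelled on the post's access.log.
SAMPLE_LOG = """\
1372702018.639 8 public_ip_client TCP_MISS/401 695 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372702018.735 7 public_ip_client TCP_MISS/401 695 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372702025.441 6780 public_ip_client TCP_MISS_ABORTED/000 0 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip -
1372702025.441 6686 public_ip_client TCP_MISS_ABORTED/200 7319 RPC_OUT_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip application/rpc
1372710088.478 9 public_ip_client TCP_MISS/401 695 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - FIRSTUP_PARENT/private_parentserver_ip text/plain
1372710480.819 392320 public_ip_client TCP_MISS/502 4579 RPC_IN_DATA https://public_name.com/rpc/rpcproxy.dll? - PINNED/private_parentserver_ip text/html
1372768605.501 7 public_ip_client TCP_MISS/401 959 RDG_OUT_DATA https://public_name/remoteDesktopGateway/ - FIRSTUP_PARENT/private_parentserver_ip text/html
1372768605.663 1 public_ip_client TCP_MISS/502 4583 RDG_OUT_DATA https://public_name/remoteDesktopGateway/ - PINNED/private_parentserver_ip text/html
"""


@dataclass
class Entry:
    ts: float          # time the request finished (epoch seconds)
    elapsed_ms: int    # request duration in milliseconds
    client: str
    result: str        # Squid result code, e.g. TCP_MISS
    status: int        # HTTP status sent to the client (0 = none / aborted)
    size: int
    method: str
    url: str
    hierarchy: str     # FIRSTUP_PARENT, PINNED, ...
    peer: str
    ctype: str

    @property
    def start(self) -> float:
        """Squid logs the finish time, so recover when the request began."""
        return self.ts - self.elapsed_ms / 1000.0


def parse_line(line: str) -> Entry:
    f = line.split()
    if len(f) != 10:
        raise ValueError(f"not a native-format access.log line: {line!r}")
    result, status = f[3].split("/", 1)
    hierarchy, peer = f[8].split("/", 1)
    return Entry(float(f[0]), int(f[1]), f[2], result, int(status),
                 int(f[4]), f[5], f[6], hierarchy, peer, f[9])


def parse_log(text: str) -> list:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def summarize(entries) -> Counter:
    """Count (method, hierarchy, status) triples: how many challenges,
    pinned successes and pinned failures each RPC/RDG channel saw."""
    return Counter((e.method, e.hierarchy, e.status) for e in entries)


def find_failed_handshakes(entries, window_s: float = 5.0) -> list:
    """Pair each 401 challenge from the parent with the next request of the
    same client+method that went over the PINNED connection. A 502 there means
    the pinned upstream connection failed after the challenge. Returns one
    dict per failure with the delay after the challenge and the request's
    duration, so a 502 after milliseconds can be told from one after minutes."""
    pending = {}   # (client, method) -> ts of the latest 401 challenge
    failures = []
    for e in sorted(entries, key=lambda e: e.ts):
        key = (e.client, e.method)
        if e.status == 401 and e.hierarchy == "FIRSTUP_PARENT":
            pending[key] = e.ts
        elif e.hierarchy == "PINNED" and key in pending:
            delay = e.start - pending[key]
            if abs(delay) > window_s:
                continue              # not the follow-up to this challenge
            if e.status == 502:
                failures.append({"method": e.method, "delay_s": round(delay, 3),
                                 "elapsed_ms": e.elapsed_ms, "ts": e.ts})
                del pending[key]
            elif e.status == 200:
                del pending[key]      # handshake completed on the pinned link
    return failures


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for key, n in sorted(summarize(entries).items()):
        print(n, *key)
    for fail in find_failed_handshakes(entries):
        print("502 on pinned connection:", fail)
```

The pairing is keyed on (client, method) rather than on the client alone because RPC over HTTP opens two concurrent half-channels, RPC_IN_DATA and RPC_OUT_DATA, and each gets its own 401 challenge; matching on the client only would pair the IN channel's follow-up with the OUT channel's challenge. Run against the post's two logs, the duration field separates the cases: in the first log the pinned RPC_IN_DATA request stays open for minutes before ending in 502, while in the second the RDG_OUT_DATA request on the pinned connection gets its 502 one or two milliseconds after the challenge.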